The Green Sheet Online Edition

July 22, 2013 • Issue 13:07:02

Authentify xFA renders passwords obsolete

Global authentication services provider Authentify Inc. just launched an online security application designed to replace username and password as a form of authentication. By deploying the Authentify xFA Service and application, enterprises can offer to their employees and customers a solution that converts mobile devices into secure authenticators.

According to Authentify, the xFA app scans an on-screen, short-lived cryptograph or digital image that activates a public key infrastructure digital certificate for strong authentication on a smartphone with server-to-server class endpoint security.

To explain further, Authentify Vice President of Marketing John Zurawski said, "You use a special scanner very similar to a QR scanner, but it's built into the xFA app. You scan a digital image, which is actually a cryptograph, so there is information embedded in that image about the site they're trying to log onto. Underneath that a digital certificate swap actually happens."

Digital certificates are commonly used in web server communications to enable computers to identify themselves to one another. "It's a type of authentication that is very hard for the hackers to mess around with, because it's happening at machine level, and it's all happening in an encrypted form," Zurawski noted.

Comes with voice biometrics

With the inclusion of voice biometrics, Authentify xFA has added yet another level of user authentication. The system prompts users to speak a pass phrase so that it can identify specific end users. "They simply scan the digital image, speak their pass phrase and they're logged on at that point," Zurawski said, adding that a voice biometric is a numerical representation of your voice.

"What you've spoken effectively becomes unrecognizable, so if someone were to open that file and want that voice recording, there is no voice recording," he said. "It's a big set of numbers." He noted that in hospital environments, where personnel may have to log onto systems multiple times each day as they travel from floor to floor, the xFA could save considerable time.

"Aside from the scan and speak to logon, xFA does do secure messaging," Zurawski noted. The service allows financial and payment service providers to send an automated phone message to customers for validating transactions prior to processing. "If there's a man in the middle or some other exploit against their account, they hear the details, and if the details are wrong they have the opportunity to then cancel that transaction," he added.

FIDO gets into picture

Passwords no longer offer the protection they once did, as evidenced by increased cyber breach activity in recent years. Consequently, a number of enterprises have stepped in to develop suitable alternatives. "There has been a lot of focus lately on replacing username and password for login," said David Fish, Senior Analyst of Fraud, Risk & Analytics at Mercator Advisory Group.

"A lot of authentication companies have joined with a few larger players in the e-commerce space - namely PayPal, Google and Apple - in something called the FIDO Alliance," Fish said. "It's an initiative that seeks to replace current authentication procedures with things that are more secure, less vulnerable to hacking."

Fast Identify Online Alliance is a nonprofit organization formed in July 2012 to overcome lack of interoperability among strong authentication devices and to alleviate user authentication issues. The organization is in the process of developing specifications for interoperable authentication of devices for online services.

"We are a participant in the FIDO Alliance," Zurawski said. "The FIDO Alliance has not yet published their specification for what an authenticator will be in the FIDO universe, but we're actually hoping that when that specification is published, xFA will meet the criteria for a discoverable authenticator."

Until then, xFA offers hope to financial institutions, health care practices, business enterprises and e-commerce entities seeking alternative forms of secure authentication, both internally and externally. The Authentify xFA Service and app are available for a fixed annual subscription fee through the Apple and Android app stores.

For additional news stories, please visit www.greensheet.com and click on "Read the Entire Story" in the center column below the latest news story excerpt. This will take you to the full text of that story, followed by all other news stories posted online.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.